Wednesday, April 19, 2006

Me+ A little knowledge = Dangerous

So, the saga continues, even if the computer doesn't. Fortunately, the big box store has a cool return policy and I was well within its time frame.

Return. Receive refund. Noquestions asked.

But researching online from the great library, here's what I found -- other people with MSHOME as a network on their computer -- default name for XP, apparently. In fact, lots of people use it for their own home networking name.

But some other people, like me, never created a network. Yet here they were, grouped with strangers. Like suddenly finding yourself tossed into a party with a gang of Satanists and all the exits blocked.

When I just happened to open "EntireNetwork" and looked inside "Microsoft Windows Network" I saw a new entry: "Mshome." Some hacker actually has his own hard drive on my computer! Inside "Mshome" is "custom (Custom)" which contains "Ares," "C," "Printer" and "Shared Docs" folders. C is what you'd expect: Program files, Downloads, WINDOWS and even System Volume Infronation. I can right-click and "Search" the contents, butI can't delete or change any of it -- "Access is denied."

So I've got two questions: (1) How do I delete this sizeable invasion?(2) How to block this from happening again?

I've seen many kind, knowledgable responses here, but my quick search didn't turn up anything like this. I would greatly appeciate your help. Thank you in advance.

I have AntiVir and Sygate running all the time. Twice a month I scan with Ad-Aware SE, Search & Destroy, Trojan Remover, PC Bug Doctor, MS Antispyware and Win Patrol. I'm a freeware junkie but check all downloads with Ewido as well as my antivirus before opening.

I've got Windows XP Home on a home-made unit of AMD 900,512 memory, and two 20 gig HDDs. It's wired directly to a wireless Airlink router that allows my home office's backup computer and laptop to access the Internet. The main and backup units are always on; the aged laptop is seldom used.

I use graphics programs that hog resources, so I keep a closewatch on what processes start up and are running, killing some as needed to finish a project. So this infestation comes as a shock. What to do and in what order?

Unfortunately for RevRusty (and me) nobody responded with how to fix this problem.Because, really? You can't. Think about it. Would you trust any data from a compromised system? Even lookout data that gave you the 'all clear below' message? I wouldn't. The Dell remained hacked, even after Obi Jim Kenobi claimed to have flattened the drive and washed it several times.

How do I know?

Well, when Jim reinstalled everything, including a fresh Windows 98 (with explicit demand I not ask from whence said program came), he said "It's a helluva thing. I had to go online to download your audio and video drivers. They wouldn't reinstall."

This past weekend, on the new machine, when I tried to system restore -- my audio and video drivers (different hardware from the Dell) disappeared. Mostly due to a scripting program that told them to hit the road next time I tried to restore - along with the Recycle Bin and a few other programs). I realized then Jim didn't reload everything from scratch. Maybe he wiped the drive, but it was a bit streaky, shall we say.

Sorry to digress. The point is that once someone completely takes over your computer and has more permissions on it than you do, they've gotten to the core of your system. Everything down to the BIOS is scrap.

Which brings me to my birthfather's allegedly unnetworked Dell. Which somehow also belongs to a network workgroup called....wait for it...MSHOME. Which would be fine - had he created it, or knew about it. He didn't.He also was running a LAN connection; pretty surprising, given he's on a crap dialup modem. And until I disabled the LAN, said connection never showed up as viewable in the connections screen.In his registry were also about 17 threaded references to msmgs.exe -- the W32.Alcarys.B, W32.Alcarys.G worm.

Now, that comes imbedded in email images. But since I didn't even have time to read my email with the new pc - let alone check out pictures - I'm not sure how it got dumped into my system. Except that this time, as with the Dell before, the damn MSN Messenger Icon and program wouldn't go away with removing it from the registry.

Based on this, the fact we couldn't alter his startup.ini file, the mysterious LAN connection, and the fact 6,175,278 packets came to his machine yesterday over a two hour period, it looks like he'll need to flatten the pc and start over.

I've been using computers since 1989 - when Windows 3.1 was a brand new spiffy option for your computer, but hardly a necessity. And after the experiences of this past week, as well as those from a few years ago, I've soured on them. Could give a crap about computers, actually.

It's sunny outside. My kids are growing up, my parents lives are ebbing, and I've been in a social coma for far too long. The weigela and sand cherry tree I planted last year are getting leaves, and it's time to fertilize the lawn.

The last thing I need is one more problem in the form of plastic, metal and software. In any form, actually.

So from here on out, whatever blogging I do will come from the public library. Their systems seem secure enough. Besides, they've rendered it impossible to use the run command and do a quick netstat check, just to be sure. . .